Self-Propagating Malware Spreading Via WhatsApp, Targets Brazilian Users
Essential information
- Published: 06/10/2025 18:55
- Modified: 08/10/2025 16:09
- Tags: 2025-10-06 bradesco brazil brazilian c server format lnk file loader malware persistence phishing powershell sorvepotel telegram turn water saci watsonclient whatsapp whatsapp web
- Related entities: 7 techniques (mitre), 1 malware, 8 others
Description
SORVEPOTEL has been observed spreading across Windows systems through convincing phishing messages with malicious ZIP file attachments. Notably, the phishing message carrying the malicious attachment requires users to open it on a desktop, suggesting that the threat actors may be more interested in targeting enterprises than consumers. Once the attachment is opened, the malware automatically propagates via WhatsApp Web, causing infected accounts to be banned due to excessive spam activity.